Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-15072 An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. | 8.8 | HIGH | β | 0 |
| CVE-2020-15073 An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists sec... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-5974 NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privilege... | 7.8 | HIGH | β | 0 |
| CVE-2020-5604 Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of Jav... | 8.1 | HIGH | β | 0 |
| CVE-2020-9376 D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the m... | 7.5 | HIGH | β | 0 |
| CVE-2020-12424 When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; ... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-5366 Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulat... | 7.1 | HIGH | β | 0 |
| CVE-2020-7457 In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socke... | 8.1 | HIGH | β | 0 |
| CVE-2020-7458 In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7692 PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee... | 7.4 | HIGH | β | 0 |
| CVE-2020-7693 Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12398 If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent w... | 7.5 | HIGH | β | 0 |
| CVE-2020-12399 NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefo... | 4.4 | MEDIUM | β | 0 |
| CVE-2020-12402 During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perfor... | 4.4 | MEDIUM | β | 0 |
| CVE-2020-12404 For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerab... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-15700 An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. | 6.3 | MEDIUM | β | 0 |
| CVE-2020-12405 When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and ... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12406 Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code... | 8.8 | HIGH | β | 0 |
| CVE-2020-12407 Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the us... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12408 When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12409 When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | 8.8 | HIGH | β | 0 |
| CVE-2020-12416 A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnera... | 8.8 | HIGH | β | 0 |
| CVE-2020-12410 Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ... | 8.8 | HIGH | β | 0 |
| CVE-2020-12411 Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo... | 8.8 | HIGH | β | 0 |
| CVE-2020-12412 By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-12414 IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted ... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12415 When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to serv... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-2228 Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 | HIGH | β | 0 |
| CVE-2020-12417 Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects ... | 8.8 | HIGH | β | 0 |
| CVE-2020-12418 Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12419 When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a ... | 8.8 | HIGH | β | 0 |
| CVE-2020-12420 When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects ... | 8.8 | HIGH | β | 0 |
| CVE-2020-12421 When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become ... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12422 In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploit... | 8.8 | HIGH | β | 0 |
| CVE-2020-12423 When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code e... | 7.8 | HIGH | β | 0 |
| CVE-2020-12425 Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-7229 Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An a... | 7.8 | HIGH | β | 0 |
| CVE-2020-12426 Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these... | 8.8 | HIGH | β | 0 |
| CVE-2020-13992 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privile... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-13993 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | 7.5 | HIGH | β | 0 |
| CVE-2020-13994 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This ... | 8.8 | HIGH | β | 0 |
| CVE-2020-10756 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-15526 In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notificat... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-17638 In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer contai... | 9.4 | CRITICAL | β | 0 |
| CVE-2020-13131 An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-13132 An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This... | 4.6 | MEDIUM | β | 0 |
| CVE-2020-14170 Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulne... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-14171 Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-15000 A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but ... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-15001 An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is i... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.